Cisco XDR can be improved in terms of out-of-the-box integrations and standard operating procedures available on the platform where we would not have to refer to documents outside of the platform to integrate. Having these standard operating procedures or integration methods available within the platform for most devices will help improve our experience with Cisco XDR. The primary area for improvement is the integrations itself.
Cybersecurity Consultant | Managed Infrastructure Services Head | Business Apps and DevOps Head at Blueberry Tech Solutions India Pvt Ltd
Consultant
Top 20
Dec 15, 2025
Improvements in Cisco XDR revolve around performance. The less performance it utilizes to run at high configuration levels, the better it becomes, so all vendors need to continue working on keeping resource utilization low while providing optimum performance, which is a defining point or deal breaker.
To improve Cisco XDR, I can't think of anything super meaningful because a couple of features I'm interested in are actually ones that integrate with Duo, but that's not widely used. I'm fine with the features that are on their way into the product based on the roadmap I've seen, so I can't suggest any other features from a user perspective.
SOC Analyst at a educational organization with 501-1,000 employees
Real User
Top 20
Apr 14, 2025
An issue that we have with Cisco XDR is the observable list. These observables are basically similar to a chess board where you have a certain number of spots to put pieces. It's the same concept when we're doing investigations. We're only allowed 2,000 characters and up to 1,000 observables when we do investigations. If we have a list of domains we need to block, such as 4,000 domains, I can only block 100 domains at a time because if I put in more than 100 domains, I hit that 2,000 character max and can't continue with an investigation. Being able to put in all 4,000 domains, without a character limit or observable limit, would make doing those case books a whole lot easier and blocking those domains a whole lot easier too.
One area that needs improvement is the limited visibility due to the licensing structure. For more visibility, customers need the advantage or premier licensing, which involves additional costs. Competitors offer more visibility without any additional licensing, which is a significant drawback for Cisco.
Network Security Specialist at General Authority of Customs
Real User
Top 5
Feb 18, 2025
They need to provide better pricing and bundle XDR licenses with products like Meraki solutions or Firepower Threat Defense. Offering some free XDR licenses for testing features, similar to VPN licenses, could have a significant impact on costs.
Cisco XDR delivers an advanced threat detection and response experience through integration with Cisco's security suite, offering enhanced visibility, intelligence, and automation for network protection and system evaluations.Cisco XDR integrates with Cisco Meraki and Splunk, excelling in threat intelligence and zero-day attack detection. Its automated response features provide crucial support in managing extensive networks, while the comprehensive log management facilitates detailed...
Cisco XDR can be improved in terms of out-of-the-box integrations and standard operating procedures available on the platform where we would not have to refer to documents outside of the platform to integrate. Having these standard operating procedures or integration methods available within the platform for most devices will help improve our experience with Cisco XDR. The primary area for improvement is the integrations itself.
While Cisco XDR is robust, it could benefit from improvements on the AI side. More features could be added to prioritize and automate traffic.
Improvements in Cisco XDR revolve around performance. The less performance it utilizes to run at high configuration levels, the better it becomes, so all vendors need to continue working on keeping resource utilization low while providing optimum performance, which is a defining point or deal breaker.
To improve Cisco XDR, I can't think of anything super meaningful because a couple of features I'm interested in are actually ones that integrate with Duo, but that's not widely used. I'm fine with the features that are on their way into the product based on the roadmap I've seen, so I can't suggest any other features from a user perspective.
My only complaint about Cisco XDR is related to licensing, which is complicated.
Cisco XDR can be improved by addressing the upfront cost. Everything matters for us since we're small, mom and pop, so every dollar counts.
An issue that we have with Cisco XDR is the observable list. These observables are basically similar to a chess board where you have a certain number of spots to put pieces. It's the same concept when we're doing investigations. We're only allowed 2,000 characters and up to 1,000 observables when we do investigations. If we have a list of domains we need to block, such as 4,000 domains, I can only block 100 domains at a time because if I put in more than 100 domains, I hit that 2,000 character max and can't continue with an investigation. Being able to put in all 4,000 domains, without a character limit or observable limit, would make doing those case books a whole lot easier and blocking those domains a whole lot easier too.
One area that needs improvement is the limited visibility due to the licensing structure. For more visibility, customers need the advantage or premier licensing, which involves additional costs. Competitors offer more visibility without any additional licensing, which is a significant drawback for Cisco.
They need to provide better pricing and bundle XDR licenses with products like Meraki solutions or Firepower Threat Defense. Offering some free XDR licenses for testing features, similar to VPN licenses, could have a significant impact on costs.